Is there really a need for AV on macos these days?

perhaps less of a need than on some other o/s, but there are root exploits for macos out there: https://duckduckgo.com/?q=macos+root+exploits+2022

and as ever with infosec stuff, the best approaches are probably multi-layered, so having a workable AV is probably better than not having one

macos has its own builtin av

our business uses a dns filter to block known malware plus a centralised system that shows our IT folks what's on everyone's computers and what versions they're on, and skips installing custom AV. we focus on vetting apps and ensuring they're kept updated, and on blocking known malware sites.

how does that work @U0509NKGK ? i've currently got 4.5K packages in my /nix, ~300 homebrew packages, and innumerable npm, clojars, mvn deps, and a smaller number of binary deps, across many dev projects - it doesn't seem manageable without automation

ah, we focus that vetting effort on our non-technical staff 🙂

one thing that helps is that we provide everyone with computers, so non-work stuff happens elsewhere. that keeps the amount of 'out of character' software way down. our devs all have their own pcs and do their hobby stuff on there.

yeah, we give everyone computers too... almost all my stuff is work related - i don't really have any time for hobby stuff anymore AV doesn't seem to be a problem for non-devs anyway, they don't tend to have file-access patterns which require hitting large filetrees all at once i've been looking for any evidence that macos' built-in XProtect AV is any good ... there's not much detail around, and mostly what i can find says that its rules don't get updated very often, so it's perhaps unlikely to be protective against any novel threats